2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Mitigate phishing scams with help from Mimecast.
Phishing scams and spear-phishing threats are on the rise, causing disruption and damage to enterprises everywhere. Designed to fool your employees into reviewing credentials, passwords and other confidential information, phishing scams are involved in more than 90 percent of hacking attacks today1.
The impact of phishing scams on profitability and productivity is huge. Breaches can cost millions, destroying corporate reputations and significantly degrading customer loyalty. Protecting your organization from phishing threats is critical — and that's where Mimecast can help.
Mimecast's secure email solutions offer comprehensive defense against phishing scams and other advanced threats, as well as data leaks and routine threats like spam, malware and viruses. Offering always-on, always up-to-date protection that eliminates the cost1 and complexity of traditional offerings, Mimecast's email security solutions provide enterprise-grade protection so you and your organization breathe easier.
1 "How to Bridge the Email Security Language Gap Between IT and the C-Suite" – Mimecast blog post by Orlando Scott-Cowley, 10/2015
Mimecast Targeted Threat Protection extends Mimecast's Secure Email Gateway to provide state-of-the-art defenses against malicious links in email and weaponized attachments – the two forms of attacks most often used in phishing scams. By scanning all email in real time and blocking employees from opening suspicious links and attachments, Mimecast helps prevent users from inadvertently downloading malware sharing confidential information. Mimecast also provides dynamic user awareness tools reinforcing security policies and helping employees better assess the risk of email-borne threats.
With Mimecast Targeted Threat Protection, you can:
Mimecast secure email solutions provide defense against phishing scams on two fronts.
Targeted Threat Protection – URL Protect rewrites URLs in all inbound email, scanning destination websites in real time for possible threats before opening a link in the user's browser. If a site is deemed suspicious, Mimecast displays a warning page and blocks access to the website. Mimecast scans URLs on every click to protect against the possibility of a legitimate site being compromised at a later date.
Targeted Threat Protection – Attachment Protect preemptively sandboxes email attachments, checking for malware before delivering them to employees. Attachment Protect also provides the option to convert attachments into a safe file format that neutralizes any malicious code.
Learn more about Mimecast's protection against phishing scams as well as other Mimecast solutions for Data Leak Prevention and Secure Email Messaging.
What are phishing scams?
Phishing scams are a type of cybercrime designed to trick someone into revealing personal data such as passwords, credit card numbers, bank account details, Social Security numbers and other sensitive information by sending communications that impersonate a trusted or legitimate company.
How do phishing scams work?
The most common phishing scams use email messages that appear to be from a legitimate or trusted company. These messages encourage recipients to visit a fraudulent website where their personal information is collected and where malware may be downloaded to their computer. Phishing emails are designed to mimic the branding of a legitimate company and, usually with a sense of urgency, they require the recipient to provide information in order to gain a reward or avoid negative consequences. Common techniques in phishing scams include:
How to report phishing scams?
When you receive an email that appears to be a phishing scam, you should first report it to your company and your IT department, then to your email provider and to the company that the phishing scam is impersonating. It’s also important to report phishing scams to the agencies that work to prevent and prosecute phishing scams, including the Federal Trade Commission (www.ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (firstname.lastname@example.org), and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing.)
How to recognize phishing scams?
While phishing scams are increasingly sophisticated, there are a number of common indicators that users can watch for to avoid being duped.
How to avoid phishing scams?
Companies can help employees avoid phishing scams by providing security awareness training that helps users to spot the telltale signs of a phishing email. Companies can also deploy anti-phishing technology that includes:
Additionally, companies can encourage employees to use two-factor authentication to prevent attackers from gaining access to accounts should users fall prey to phishing scams.